Authored by: Anonymous on Monday, August 25 2003 @ 11:22 AM EDT
http://biz.yahoo.com/djus/030825/1353000763_1.html
SCO Group's Web Site Target Of Hacker Attack, Again>SCOX
Monday August 25, 1:53 pm ET
By Marcelo Prince, Of DOW JONES NEWSWIRES
Rand

Authored by: Anonymous on Monday, August 25 2003 @ 11:29 AM EDT
An off-the-cuff remark by the receptionist who answers the telephone should not
be considered a definitive response to the status of the company's web site.
Calibax

Authored by: Anonymous on Monday, August 25 2003 @ 12:01 PM EDT
www.sco.com back but no info about absence.
geoff lane

Authored by: Anonymous on Monday, August 25 2003 @ 12:02 PM EDT
www.sco.com back up, still running Linux. Heh.
http://uptime.netcraft.com/up/graph/?host=www.sco.com
Paul

Authored by: Anonymous on Monday, August 25 2003 @ 12:06 PM EDT
From Netcraft:
http://uptime.netcraft.com/up/performance?site=www.sco.com&collector=all
states website was CHANGED August 21 2003
Linux Apache 21-Aug-2003 216.250.140.112 NFT
Linux Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.3.2-RC
17-Jun-2003 216.250.140.112 NFT
Linux Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.0.3pl1
20-Nov-2002 216.250.140.112 NFT
Linux Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.0.3pl1
14-Aug-2002 216.250.140.125 NFT
My formatting broke, after Apache on the first line, 21-Aug-2003 is the "Last
Changed" date.
Curious
btw The kernel source IS still there....
I wonder what is not there anymore?
nm

Authored by: Anonymous on Monday, August 25 2003 @ 12:07 PM EDT
Is it just me, or did SCO take the opportunity during their alleged DDOS to
update the site quite a bit?
First, there's the new ads on the front page (I kinda liked that TV on the
beach... gone now). Then there's the whole SCOForum hoopla now documented
online, with many (and I do mean many) hi-res images to show the world just how
glamorous it is to be a modern-day IP pirate:
http://www.sco.com/2003forum/snapindex.html
Belzecue

Authored by: Anonymous on Monday, August 25 2003 @ 12:09 PM EDT
I didn't notice it immediately, but the SCO home page now has a link to
www.tarantella.com.
This is curious as Tarantella is the remains of the old SCO and markets web
solution software. Yet SCO recently announced that they were going to move into
web based solutions and services. Why link to a competitor? Or is there a
closer relationship than we have thought?
geoff lane

Authored by: Anonymous on Monday, August 25 2003 @ 12:10 PM EDT
Paul:
The netcraft data says: latest data 21-aug-2003, thursday last week
But it is interesting to note that the server config seems to have changed that
day from
Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.3.2-RC
to
Apache (with no config info)
So it looks like somebody did something to the server config, and maybe screwed
up
Magnus Lundin

Authored by: Anonymous on Monday, August 25 2003 @ 12:23 PM EDT
Another reader just emailed me that he also called and got the same story from
SCO.
pj

Authored by: Anonymous on Monday, August 25 2003 @ 12:24 PM EDT
has somebody eyes like an eagle and can read what's on this t-shirt?
http://www.sco.com/2003forum/snapimages/forum5%20016_jpg.jpg
andre

Authored by: Anonymous on Monday, August 25 2003 @ 12:25 PM EDT
On the Dow Jones story, that seems to be based on emails to the press from
Raymond, or so it says.
pj

Authored by: Anonymous on Monday, August 25 2003 @ 12:27 PM EDT
Geoff, when new SCO (Caldera) bought UNIX from old SCO (Tarantella), the
majority of the purchase price was in Caldera shares -- about 15.5 million if my
memory serves me correctly. I don't know if Tarantella still owns those shares,
but it certainly would reduce the competitive relationship somewhat.
Calibax

Authored by: Anonymous on Monday, August 25 2003 @ 12:29 PM EDT
I still find it strange that they weren't screaming bloody murder all weekend
long if there were truly a DDoS and then suddenly, after ESR reports on the
unknown 'Internet Engineer', they start reporting an attack. Why does it feel to
me like a great excuse for a total screwup in a server reconfiguration?
Jerry

Authored by: Anonymous on Monday, August 25 2003 @ 12:34 PM EDT
Calibax, They bought back all those shares from Tarantella, as I recall.
pj

Authored by: Anonymous on Monday, August 25 2003 @ 12:36 PM EDT
don't know if this is something new, but the sponsors site which is linked of
the sco forum page isn't anymore available..
it's linked to http://www.sco.com/2003forum/sponsors.html .. all sponsors gone?
andre

Authored by: Anonymous on Monday, August 25 2003 @ 12:36 PM EDT
The T-Shirt
says:
GOT UNIX IN YOUR LINUX
mumble...mumble
I SAW IT FOR MYSELF AT SCROTUM 2003
I still have not seen independent confirmation about any DDoS attack. And who is
Ganesh?
El Tonno

Authored by: Anonymous on Monday, August 25 2003 @ 12:36 PM EDT
Listening in on the Yahoo message board it seems that they have blocked archives
from searches and google caches. It also seems as connections are OK from some
place and bad from others.
This could indicate that the blocking of searches and google caches interferes
with access from some other parts of the internet. These rather technical
changes, as opposed to just content, could explain what we are seeing.
Yea, I know there are many if's in here.
Magnus Lundin

Authored by: Anonymous on Monday, August 25 2003 @ 12:38 PM EDT
So who did ESR talk to? He supposedly talked to a go-between for the guy who
claimed to have done the DOS attack?
And on the stock's continued rise: they have about 5x more "short interest" than
the other software companies I checked, and a much smaller "float" (shares that
are available for trading). It's a speculator's dream: fat lawsuit in the
works, fairly low priced, lots of publicity, and volatile movements. It's a
classic setup for a "short squeeze", because as stock prices rise, short sellers
HAVE to cough up cash to cover their positions OR buy shares ... UNLESS they
owned the stock and sold it short (called selling "Short against the box").
That is a valid way to lock in a profit and (maybe) delay a taxable event.
Because an ordinary short seller can lose a lot of money if a stock rises
abruptly, with no theoretical limit on the losses, they are quick to jump off
and cover their shorts. That leads to more volatility.
One way SCO executives could profit from their holdings (unless it is prohibited
by insider trading rules) is by selling "call options" on their stocks. It
doesn't appear to be happening.
Tsu Dho Nimh

Authored by: Anonymous on Monday, August 25 2003 @ 12:39 PM EDT
"An off-the-cuff remark by the receptionist who answers the
telephone should not be considered a definitive response to the status of the
company's web site."
Agreed - in my experience, at a company the
size of SCO what you hear from the receptionist is often a lot closer to
the truth than what you hear from senior mgmt!
Cranky Cranky Observer

Authored by: Anonymous on Monday, August 25 2003 @ 12:40 PM EDT
hehe, i'm very interested in the "mumble...mumble" :).
The last sentence says: I SAW IT FOR MYSELF AT SCOFORUM 2003. hmm.. did these
slides sco showed anybody convince? i can't imagine..
andre

Authored by: Anonymous on Monday, August 25 2003 @ 12:42 PM EDT
An explanation of Short Selling and other resources can be seen here
http://stocks.about.com/library/weekly/aa120202a.htm
Rob

Authored by: Anonymous on Monday, August 25 2003 @ 12:44 PM EDT
blocked google caches? well of the whole sco site or just specific ones?
-> http://216.239.33.104/search?q=cache:6NanirOL3o4J:www.sco.com/+sco&hl=de&ie=UTF-8
andre

Authored by: Anonymous on Monday, August 25 2003 @ 12:48 PM EDT
andre: compare that one to the site just now!
Magnus Lundin

Authored by: Anonymous on Monday, August 25 2003 @ 12:48 PM EDT
Andre,
The shirt says "GOT UNIX IN YOUR LINUX?"
What else would one expect $SCO?
MajorLeePissed

Authored by: Anonymous on Monday, August 25 2003 @ 12:53 PM EDT
MajorLeePissed: yes, i know, i'm not blind ;). i meant the small part in the
middle.
Magnus Lundin: ehm, i compared, google cache is before the sco forum. or what do
you mean?
andre

Authored by: Anonymous on Monday, August 25 2003 @ 12:56 PM EDT
andre: Right, so if google can't crawl and cache this site then the cache will
stay old, or ?, I don't know much about the google caching scheme. Anyway,
presently it only shows that new updated cache has been saved for some time.
Magnus Lundin

Authored by: Anonymous on Monday, August 25 2003 @ 12:58 PM EDT
Two other observations, one on the SCOforum pics and the other on the Web
site(s):
(1) Isn't it ironic that the podium where the presentation was done seems to be
made of cardboard and tissue paper, and is full of holes?
(2) Is there any significance to the fact that apparently www.sco.com and
www.caldera.com are exact copies of each other?
Is one mirroring the other? According to IP addresses, they're not the same
machine, but ya coulda fooled me, judging by the content.
Steve Martin

Authored by: Anonymous on Monday, August 25 2003 @ 01:03 PM EDT
This from the Washington Post (opinion piece, not news story). With mainstream,
non-technical press like this, I guess this ride is almost over.
"Baltimore: What's your take on the SCO/Linux battle? I'm afraid that it will go
a long way to dampening a lot of innovation in the computer field. The U.S.
desperately needs to revise its Intellectual Property laws (both patent and
copyrights), but I have real doubts the only benefactors of any reform attempts
will be the lawyers. Could this further the flight of the IT industry from the
U.S. shores?
"Rob Pegoraro: I was wondering if I'd ever get any questions about this. Here,
again, I only know what I read in the papers. What I do know, however, is that
the evidence SCO (a developer of Unix software in Utah) has offered in public to
back up its claims that its code has been stolen and reused in Linux is... kinda
of nonexistent. If a reporter working for me filed a story with equally skimpy
proof, I'd tell him to go out and do some real reporting.
"The fact that SCO is then asking companies to pay it licensing fees (starting
at $699 a server) without documenting these claims strikes me, personally, as
just whacko. I mean, by that logic *I* could claim that I wrote half the Linux
kernel."
r.a.

Authored by: Anonymous on Monday, August 25 2003 @ 01:25 PM EDT
according to the last sentence of r.a.'s post, i'm really wondered how much
trouble and publicity SCO can get with such practices. How and why is that
possible? Claim without proof, ehm.. aren't we civilized?
andre

Authored by: Anonymous on Monday, August 25 2003 @ 01:32 PM EDT
I'm not sure about what changes were made to the website, however they
haven't made many changes to their ftp site. They're still offering Linux
source code, for example. Here is a link to my page where I've documented the
files on the various SCO ftp sites. Note that there are over 400 copies of
various Linux 2.4 kernel source rpms on ftp.sco.com.
Also note that I've found a former SCO mirror site that still appears to have
all the files still there. Inside that mirror I found the BPF code that was
presented as stolen from Unix. I've also documented this on the page I mentioned.
Frank

Authored by: Anonymous on Monday, August 25 2003 @ 01:41 PM EDT
I just linked through linuxtoday.com and found this article:
http://linuxtoday.com/infrastructure/2003082501026NWCYLL
It appears Eric S. Raymond (Pres, OSI) is saying he has confirmation that SCO
went down due to DoS attack. Anybody else know anything about it?
Phil Long

Authored by: Anonymous on Monday, August 25 2003 @ 01:42 PM EDT
nice documented frank. my first impression is that there aren't any interesting
changes on the sco ftp concerning the sco openlinux or the kernel-sources.
anybody discovered something?
andre

Authored by: Anonymous on Monday, August 25 2003 @ 01:53 PM EDT
This is all I can glean from the low res portion of the image (too bad SCO
couldn't provide higher res close-ups of the shirt). No guarantees of accuracy.
I've left blank underscores for words I couldn't get, if someone else takes a
look, we might just get the puzzle solved...
Line 1:
____ SCO owns the legal copyright to Unix System V
Line 2:
____ SCO owns all claims ____ out of ____ by Unix (Linux?) ____
Line 3:
____ ____ ____ proof of direct copying of System V ____ ____
Good luck to whoever tries to finish this. :)
RoQ

Authored by: Anonymous on Monday, August 25 2003 @ 02:10 PM EDT
RoQ: Dang! What did you use to view that image? All I'm getting is blurred text
no matter how I process it.
And did anyone notice that they appeared to have put the little trademark symbols
after UNIX and LINUX in the title?
Stephen Johnson

Authored by: Anonymous on Monday, August 25 2003 @ 02:15 PM EDT
Not that difficult, it's basically a puzzle. You more-or-less stare at blurred
shapes and try and fit words to match the shapes. I'm afraid I can't be any more
specific than that.
It's a lot like those blotchy images you stare at just right, then suddenly a
sailboat appears...
RoQ

Authored by: Anonymous on Monday, August 25 2003 @ 02:17 PM EDT
Oh, and I did notice the trademark symbols. Pity that SCO doesn't own either
trademark :)
RoQ

Authored by: Anonymous on Monday, August 25 2003 @ 02:21 PM EDT
UPDATE: last two words of line 3: "into Linux"
I'm still staring... :)
RoQ

Authored by: Anonymous on Monday, August 25 2003 @ 02:27 PM EDT
Here's my guess:
SCO 0wns the legal copyright to Unix System V
SCO 0wns all claims arising out of by Linux vendors
SCO has pr00f of direct copying of System V into Linux.
That word on the second line should be doable. The letters look like "solpruim"
but that doesn't make any sense. Of course, since has anything put out by SCOX?
:)
Raph Levien

Authored by: Anonymous on Monday, August 25 2003 @ 02:32 PM EDT
UPDATE: On the second line, between "arising out of" and "Unix/Linux?" looks
like "violations" to me now...
I'm not quite sure I agree with "Linux vendors", since they've not made a single
move against distributors, but rather end-users...
RoQ

Authored by: Anonymous on Monday, August 25 2003 @ 02:36 PM EDT
The formatting of my last post was garbled, sorry. RoQ is certainly right about
"violations"
(hey, "solpruim" was pretty close, no?). I'm still unsure about the word I
tagged as "vendors", but it's about the right size - "users" would be way too
narrow, and "distributors" would be way too wide.
Raph Levien

Authored by: Anonymous on Monday, August 25 2003 @ 02:36 PM EDT
OK, ok, I now think the last two words on line 2 are "Unix licensees" (since
that makes sense). So the final phrase looks like the usual SCO propaganda line,
and I can't believe they put it on a T-shirt:
* SCO owns the legal copyright to Unix System V
* SCO owns all claims arising out of violations by Unix licensees (the
shut-the-F-up-Novell line item)
* SCO has proof of direct copying of System V into Linux
Enough staring...
RoQ

Authored by: Anonymous on Monday, August 25 2003 @ 02:37 PM EDT
Other topic: On the Linux development process
SCO has argued the impossibility of Linux developing as fast as it does without
IBM transferring massive amounts of UNIX code and development methods into
Linux.
So I took a look at the changelog for the newly released 2.4.22 kernel, this is
an update of an old and stable release. The 2.4.21 kernel was released early
June 03. Since then there have been almost 1400 accepted patches/fixes by some
200 developers. And this is not the 2.5 development and new upcoming 2.6 kernel.
It is the old and stable kernel.
On average 7 fixes per developer over 2 1/2 months that are tested and accepted.
This shows that Linux developers are not a "rag tag army" and that SCO's argument
is wrong.
Even a very small fraction of the world's developers has all the necessary
knowledge and time to create a competitive OS in an open source environment.
Magnus Lundin

Authored by: Anonymous on Monday, August 25 2003 @ 02:53 PM EDT
Wasn't sco's response to redhat due today? I presume at 5:00pm (delaware? time).
What are the consequences of sco missing the deadline?
fava

Authored by: Anonymous on Monday, August 25 2003 @ 02:56 PM EDT
One vote for Eric Raymond not to be leader either of the "Rebel Forces" or the
Linux community.
What happened? He was contacted by a "cut-out" (like in the spy movies) who
claimed to represent the hacker who took down SCO's website?
So then he contacts the media with the story that the attack started and stopped
because of him? Now SCO gets to say its site was down for an entire weekend
because of an attack by Linux users and as usual doesn't have to provide any
evidence at all?
Absolutely ridiculous. If there was a real "Rebel Leader" we should have held a
recall election. How embarrassing that someone on our side could get caught
up in Star Wars/James Bond nonsense in a way that would be helpful to SCO.
And the consequence is that the mainstream press is full of this story instead
of the story of the debunked slide presentation. I am disgusted.
r.a.

Authored by: Anonymous on Monday, August 25 2003 @ 03:03 PM EDT
Hackers cut off SCO Web site - A few more links
http://news.com.com/2100-1002_3-5067743.html?tag=fd_top
http://www.nytimes.com/cnet/CNET_2100-1002_3-5067743.html
http://biz.yahoo.com/djus/030825/1353000763_1.html
Elivas

Authored by: Anonymous on Monday, August 25 2003 @ 03:08 PM EDT
"And the consequence is that the mainstream press is full of this story instead
of the story of the debunked slide presentation. I am disgusted."
That's exactly why this happened this weekend!
Elivas

Authored by: Anonymous on Monday, August 25 2003 @ 03:19 PM EDT
CNET article criticizes security of OpenServer, but the site was running on
Linux and the Full Disclosure list only discusses problems with the version of
Apache they were using, that SCO has claimed was patched.
An unpatched, and vulnerable Apache, can be a security problem on any OS.
Press is still clueless, they dig a little but do not understand what they
find.
Magnus Lundin

Authored by: Anonymous on Monday, August 25 2003 @ 03:26 PM EDT
Here is one of the original quotes about MIT
http://www.computerworld.com/governmenttopics/government/legalissues/story/0,10801,81973,00.html
SCO was able to uncover the alleged violations by hiring three teams of experts,
including a group from the MIT math department, to analyze the Linux and Unix
source code for similarities. "All three found several instances where our Unix
source code had been found in Linux," said a SCO spokesman.
quatermass - SCO delenda est

Authored by: Anonymous on Monday, August 25 2003 @ 03:31 PM EDT
Slight correction, there are some discussions about the ftp daemon also, but the
same applies, it is not in the OS kernel, it is a service on top of the OS. Since
they seem to run a lot of servers on Linux this is about SCO server admin but not
OpenServer.
Magnus Lundin

Authored by: Anonymous on Monday, August 25 2003 @ 03:53 PM EDT
"You know what? I read it the first time and my mind just automatically filled
in the blank without a second thought. I had to go back and reread it to confirm
that you'd actually left out the word 'hair'. Bizarre."
Strange, I read it this way - "Darl's really that bad."
:^}
J.F.

Authored by: Anonymous on Monday, August 25 2003 @ 03:54 PM EDT
I don't get it. I have seen no press release so far that cannot
be traced down to ESR's letter or to rumors/speculations that
one can skim off the web. Is there anything tangible about all this
DDoS thingy? Like, err someone from SCOX coming out of the woods
and actually saying so? Even if we wouldn't trust him in that case.
20 Karma points to the first who delivers DDoS proof!
El Tonno

Authored by: Anonymous on Monday, August 25 2003 @ 04:04 PM EDT
You know, there probably was a dDoS attack - they happen all the time. Any script
kiddie can launch one, we just don't hear about most of them. I have sites that
have been hit by them, for no discernible reason. There just isn't any reason
for that to take the web site down for three days. Other MAJOR attacks - like to
whitehouse.gov and microsoft.com didn't result in more than an hour or two of
down time. They are either playing for the publicity, they are incompetent or
something else was going on.
Mike Richie

Authored by: Anonymous on Monday, August 25 2003 @ 05:12 PM EDT
My bet is that there was no DoS attack. The press reporting it only quotes ESR
and reuses old snippets from SCO about the May attack. For once SCO is being
smart and silent: no confirmation or denial needed, the "open source movement"
is hurting itself with that story.
It looks like ESR is definitely our McBride: has plans but can't tell them, has
anonymous supporters (asking him to be their war leader!), has fantasies about
movie characters (will settle for Obiwan Kenobi since James Bond is already
taken), and apparently is ready to say anything for his own publicity.
What an embarrassment.
Ph(i)Nk 0

Authored by: Anonymous on Monday, August 25 2003 @ 05:28 PM EDT
PhiNK, see http://biz.yahoo.com/djus/030825/1353000763_1.html
Blake Stowell, an SCO spokesman, said the software company has notified law
enforcement authorities about the latest attack,
I agree with your general sentiments, I think ESR set a trap for himself. Great
leadership!
1. He makes vague threats in his over-emotional initial open letter. Remember
lots of people, including me said it could be construed (for example by SCO) in
a bad way, even if it was clear to those in the know, that it wasn't what was
intended.
2. When the site goes dead. He then says it's definitely an attack, before that
is clear (unless he had some evidence that he didn't disclose)
3. He then gets involved with communicating with the alleged attacker, and
announces this all to the world.
4. His comments predictably then get used by SCO (although not as badly as they
could have been, maybe McBride was not involved in choosing the quotation to use
:-))
5. The whole thing, the "attack", and more importantly the ESR comments, become
the news story, instead of the code analysis or MIT thing.
Any of the first 4 could have been different if ESR had acted differently, and
the 5th wouldn't have happened.
1. He could have been specific or less emotional, or not written that open
letter, and just got on with whatever it is he plans to do. It's not like he had
no communication with SCO before.
2. He could have avoided jumping to conclusions, or even speculating
3. When he got contacted, he could have simply quietly called the FBI, or told
the guy to stop in private, or whatever, rather than issue more press.
4-5. If SCO are the victims of an attack - it is NOT justified - and is NOT
acceptable. Trouble is ESR gave SCO extra ammunition and coverage of their
"victim" status, as well as distraction from the issues in dispute.
quatermass - SCO delenda est

Authored by: Anonymous on Monday, August 25 2003 @ 05:36 PM EDT
Concerning the website outage, there are only a few pieces of evidence. Mr. W
told ESR he was calling on behalf of Mr. X, who DoS'd the website, somehow
making it not look like a DoS, but since decided to call off his bots. Also,
Mr. Y, a gentleman in the ViaWest NOC, told Larry Rosenman the sites were being
temporarily blocked at InterNAP because of a DDoS. Blake Stowell has said he's
contacted law enforcement and is taking it seriously. Finally, News.com's Martin
LaMonica says a SCO representative Mr. Z "could not say" where the attacks came
from. (Tell me if I'm missing anything.) Of those people, we have no reason
not to trust ESR, Martin LaMonica, and Larry Rosenman. We have reason not to
trust Blake Stowell and Mr. Z. And we have no information about Mr. W, Mr. X,
and Mr. Y.
My point is that it's currently not possible to know whether there was a DDoS or
not. It's possible that Mr. W and Mr. X are honest unidentified hackers, that
Mr. Y is right, and that Blake Stowell and Mr. Z are telling the truth. It's
also possible that Mr. W is McBride, that Mr. X is his janitor who pulled the
plug, that Mr. Y was misinformed, and that Blake Stowell and Mr. Z are lying.
How would we know? We need technical details of the DDoS from someone we can
trust, and tangible proof that it happened. We also need to prove the
identities of Mr. W and Mr. X, and to find out why they were so wishy-washy.
I personally fear that there was a DDoS, but I'm still holding out for the
tinfoil hat theory.
Nucleon

Authored by: Anonymous on Monday, August 25 2003 @ 05:37 PM EDT
HTTP Headers returned from www.sco.com:
HTTP/1.1 200 OK
Date: Tue, 26 Aug 2003 00:30:03 GMT
Server: Rapidsite/Apa/1.3.27 (Unix) FrontPage/5.0.2.2510 mod_ssl/2.8.12 OpenSSL/0.9.7a
Last-Modified: Tue, 15 Apr 2003 23:03:25 GMT
ETag: "743852a-6a03-3e9c8fbd"
Accept-Ranges: bytes
Content-Length: 27139
Connection: close
Content-Type: text/html
According to about.com,
"RapidSite is not a Web server per se; rather, it is a virtual hosting service
that runs on a personalized version of Apache. It is a popular alternative to
purchasing a dedicated Web server. Platform: Independent."
So, still running apache, the OS is still unknown. Looking...
Paul

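
Added example, not part of the thread: reading the response headers posted above for what they disclose, and comparing the Server banner with the older one Netcraft recorded. It assumes the ETag uses the hex inode-size-mtime layout that Apache 1.3 emits by default and checks that assumption against Content-Length and Last-Modified; all function names are this example's own.

```python
import re
from email.utils import parsedate_to_datetime

# Response headers as posted in the comment above (wrapped Server line rejoined).
POSTED = """\
HTTP/1.1 200 OK
Date: Tue, 26 Aug 2003 00:30:03 GMT
Server: Rapidsite/Apa/1.3.27 (Unix) FrontPage/5.0.2.2510 mod_ssl/2.8.12 OpenSSL/0.9.7a
Last-Modified: Tue, 15 Apr 2003 23:03:25 GMT
ETag: "743852a-6a03-3e9c8fbd"
Accept-Ranges: bytes
Content-Length: 27139
Connection: close
Content-Type: text/html
"""

# Banner Netcraft recorded before 21-Aug-2003, as quoted earlier in the thread.
OLD_BANNER = "Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.3.2-RC"


def parse_headers(raw):
    """Return (status_line, {lower-cased header name: value})."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def server_products(banner):
    """Map product -> version for each token of a Server banner.

    Parenthesised comments such as "(Unix)" are dropped; the version is
    whatever follows the last "/" ("Rapidsite/Apa/1.3.27" -> "1.3.27").
    """
    products = {}
    for token in re.sub(r"\([^)]*\)", " ", banner).split():
        name, sep, version = token.rpartition("/")
        products[name if sep else token] = version if sep else None
    return products


def banner_diff(old, new):
    """Summarise what changed between two Server banners."""
    a, b = server_products(old), server_products(new)
    return {
        "added": sorted(set(b) - set(a)),
        "removed": sorted(set(a) - set(b)),
        "changed": {p: (a[p], b[p]) for p in a.keys() & b.keys() if a[p] != b[p]},
    }


def decode_etag(etag):
    """Decode an ETag of the assumed form "inode-size-mtime" (hex fields)."""
    m = re.fullmatch(r'(?:W/)?"([0-9a-f]+)-([0-9a-f]+)-([0-9a-f]+)"',
                     etag.strip(), re.I)
    if m is None:
        return None  # some other ETag scheme; nothing to decode
    inode, size, mtime = (int(field, 16) for field in m.groups())
    return {"inode": inode, "size": size, "mtime": mtime}


def audit(raw, old_banner=OLD_BANNER):
    """Report what the response discloses and whether the ETag reading holds."""
    _, h = parse_headers(raw)
    report = {"banner_diff": banner_diff(old_banner, h.get("server", ""))}
    tag = decode_etag(h.get("etag", ""))
    if tag is not None:
        report["etag"] = tag
        # If the layout assumption is right, the fields must agree with the
        # Content-Length and Last-Modified headers of the same response.
        report["size_matches"] = tag["size"] == int(h["content-length"])
        last_mod = parsedate_to_datetime(h["last-modified"])
        report["mtime_matches"] = tag["mtime"] == int(last_mod.timestamp())
    return report


if __name__ == "__main__":
    for key, value in audit(POSTED).items():
        print(key, "=", value)
```

Both consistency checks pass for the posted response, so the first ETag field is the file's inode number on the server. `FileETag MTime Size` removes the inode from the tag, and `ServerTokens Prod` trims the banner to the product name.
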
Authored by: Anonymous on Monday, August 25 2003 @ 05:38 PM EDT
Here's another guy who called the 800 number and was told the site was down
for an update.
Bob

Authored by: Anonymous on Monday, August 25 2003 @ 05:49 PM EDT
There was suspiciously heavy traffic on www.sco.com, as shown
here (http://news.netcraft.com/).
This raises the level of suspicion, but unless samples of the
packets involved are analyzed nobody can be positive of a DDoS.
D.

Authored by: Anonymous on Monday, August 25 2003 @ 05:55 PM EDT
Could be that "our website is down for maintenance and upgrades" sounds like
better PR than telling your prospective customers (defendants?) calling "our web
site is being attacked by pissed off hackers and we can't cope".
Supa

Authored by: Anonymous on Monday, August 25 2003 @ 05:56 PM EDT
http://asia.cnet.com/newstech/applications/0,39001094,39148140,00.htm
http://www.theage.com.au/articles/2003/08/26/1061663769161.html
quatermass - SCO delenda est

Authored by: Anonymous on Monday, August 25 2003 @ 05:59 PM EDT
An alternate explanation for the higher response times (click on the picture for
a more recent one) is that everyone and their dog is currently reading the site,
looking for news, downloading kernels to see if they're still there, deciphering
hi-res t-shirts, and so on. On the other hand, towards the beginning the site
was still sometimes reachable. It's interesting that the OS may have
changed.
Nucleon

Authored by: Anonymous on Monday, August 25 2003 @ 06:10 PM EDT
$ nmap -v -v -O -sS -p 80 -P0 www.sco.com
Starting nmap V. 3.00 ( www.insecure.org/nmap )
Host c7pub-216-250-140-112.center7.com (216.250.140.112) appears to be up ...
good.
Initiating SYN Stealth Scan against c7pub-216-250-140-112.center7.com
(216.250.140.112)
Adding open port 80/tcp
The SYN Stealth Scan took 0 seconds to scan 1 ports.
Warning: OS detection will be MUCH less reliable because we did not find at
least 1 open and 1 closed TCP port
For OSScan assuming that port 80 is open and port 44638 is closed and neither
are firewalled
Interesting ports on c7pub-216-250-140-112.center7.com (216.250.140.112):
Port State Service
80/tcp open http
Remote operating system guess: Linux 2.1.19 - 2.2.20
OS Fingerprint:
TSeq(Class=RI%gcd=1%SI=1D2CFA%TS=100HZ)
T1(Resp=Y%DF=Y%W=7F53%ACK=S++%Flags=AS%Ops=MENNTNW)
T2(Resp=N)
T3(Resp=N)
T4(Resp=N)
T5(Resp=N)
T6(Resp=N)
T7(Resp=N)
PU(Resp=N)
Uptime 266.003 days (since Mon Dec 02 17:04:54 2002)
TCP Sequence Prediction: Class=random positive increments
Difficulty=1912058 (Good luck!)
TCP ISN Seq. Numbers: D5780FF6 D5D706A8 D57B08FC D5BA7781 D5AA7C08 D556C370
IPID Sequence Generation: Busy server or unknown class
Nmap run completed -- 1 IP address (1 host up) scanned in 4 seconds
I really have no idea what most of that means. Apparently nmap can deduce the
operating system based on how it packages TCP packets. But, where did that 266
uptime days figure come from? If it's accurate then SCO didn't reboot the
machine over the weekend.
Paul

Authored by: Anonymous on Monday, August 25 2003 @ 06:18 PM EDT
Read the manual. :) "The -O option also enables several other tests.
One is the 'Uptime' measurement, which uses the TCP
timestamp option (RFC 1323) to guess when a machine
was last rebooted. This is only reported for machines
which provide this information."
So assuming SCO didn't hack their kernel to put fake information in the TCP
layer, then they're running Linux 2.19 and have been for 266 days.
Paul

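
Added example, not part of the thread and not nmap's own code: how an uptime figure like the 266 days above follows from TCP timestamp values (RFC 1323), and why it is only an estimate. The samples are constructed to match the scan's TS=100HZ and uptime lines; the candidate tick rates and the tolerance are assumptions of this example.

```python
TS_MODULUS = 2 ** 32                        # TSval is a 32-bit counter (RFC 1323)
CANDIDATE_HZ = (1, 2, 100, 200, 250, 1000)  # assumption: plausible tick rates
TOLERANCE = 0.20                            # assumption: accept within 20% of a candidate
SECONDS_PER_DAY = 86400

# Constructed samples: (seconds on the observer's clock, TSval sent by the host).
# Chosen to be consistent with "TS=100HZ" and "Uptime 266.003 days" in the scan.
SAMPLES = [
    (0.00, 2298265920),
    (0.10, 2298265930),
    (0.21, 2298265941),
    (0.30, 2298265950),
    (0.41, 2298265961),
    (0.50, 2298265970),
]


def estimate_hz(samples):
    """Estimate the host's timestamp tick rate from first and last sample.

    Returns the nearest candidate rate, or None when the counter does not
    advance or the measured rate is not close to any candidate.
    """
    (t0, ts0), (t1, ts1) = samples[0], samples[-1]
    if t1 <= t0:
        return None
    # Modular difference, so a counter wrap between samples is still handled.
    ticks = (ts1 - ts0) % TS_MODULUS
    if ticks == 0:
        return None
    measured = ticks / (t1 - t0)
    best = min(CANDIDATE_HZ, key=lambda hz: abs(measured - hz) / hz)
    if abs(measured - best) / best > TOLERANCE:
        return None
    return best


def wrap_period_days(hz):
    """Days until a 32-bit counter ticking at hz returns to the same value."""
    return TS_MODULUS / hz / SECONDS_PER_DAY


def uptime_report(samples):
    """Turn timestamp samples into an uptime estimate plus its ambiguity.

    The estimate assumes the counter started at zero on boot. Because the
    counter wraps, any value of estimate + k * wrap period fits the same data.
    """
    hz = estimate_hz(samples)
    if hz is None:
        return None
    estimate = samples[-1][1] / hz / SECONDS_PER_DAY
    wrap = wrap_period_days(hz)
    return {
        "hz": hz,
        "uptime_days": estimate,
        "wrap_days": wrap,
        "equally_consistent_days": [estimate + k * wrap for k in range(3)],
    }


if __name__ == "__main__":
    report = uptime_report(SAMPLES)
    print("tick rate: %d Hz" % report["hz"])
    print("uptime estimate: %.3f days" % report["uptime_days"])
    print("counter wraps every %.1f days" % report["wrap_days"])
```

At 100 Hz the counter wraps about every 497 days, and the figure is only meaningful if the host starts the counter at zero on boot, so the 266 days is an estimate rather than a measurement.
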
Authored by: Anonymous on Monday, August 25 2003 @ 06:18 PM EDT
From Eric Raymond's
This is, of course, speculation. Eric may have much more information than he
shared in his article... but the article as it is looks like there's an even
chance that Eric's been taken for a ride. This whole episode stinks of last
week's fish.
Chris Cogdon

Authored by: Anonymous on Monday, August 25 2003 @ 06:18 PM EDT
And by the way, nmap? SCARY.
Paul

Authored by: Anonymous on Monday, August 25 2003 @ 06:21 PM EDT
From Eric Raymond's article
but it will not actually end until the timers on his 'bots run out.
This could also be translated as "I didn't actually start the DDoS, nor am I
sure it's really a DDoS, and since I have no control of it, whatever it is, I
obviously can't turn off the attack on a whim. So... I'll just say 'The timers
on the bots have to run out, first' so that way the site can appear to stay down
a bit more and when it comes back up, it'll look like the attack has ended."
This is, of course, speculation. Eric may have much more information than he
shared in his article... but the article as it is looks like there's an even
chance that Eric's been taken for a ride. This whole episode stinks of last
week's fish.
(Sorry for the screwup in the previous post) Chris Cogdon[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 06:24 PM EDT |
Nucleon,
regarding Mr X, Y, Z, Black, Blue, Red and Larry Rosenham comment
While it might be genuine, I'd like to point out a Larry Rosenham won a $50 gift
certificate from SCO on August 7th for being one of the quickest to reply to an
email newsletter, I think a SCO reseller newsletter. Link posted in previous
comments section.
I don't know whether this is the same Rosenham, or even if it is, whether this
should affect your judgement of the post to usenet, but it is another background
fact to be aware of. quatermass - SCO delenda est[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 06:45 PM EDT |
Going back to the 3 teams, including MIT-related mathematicians - which I think
is actually the most important issue of the day
Everything that follows is **Speculation** and **Opinion**:
I've been wondering for a while about SCO paying them...
3 teams, must be 6 people minimum (a team of 1 is not a team by any usual
definition), and I think more realistically at least 9 people (I would say 2
people probably doesn't fit definition of team).
They have been variously described as "independent" (repeatedly) and "external".
So they can't be SCO employees, I think. They are also described as "experts".
And SCO today says they are connected somehow to MIT.
If a person in the team earns $100K per year, a reasonable guess I think, they'd
earn $25K per quarter. $25K X 6 people = $150K per quarter. $25 X 9 people =
$225K per quarter.
However if they are consultants working for some outside company, SCO paying
$25K per quarter, is I think way too low. $25K divided by 60 or so working days
in a quarter is = $416 per day. Tell me where you get "expert" MIT-like computer
consulting in the US for $416 per day - I'd be surprised. Plus my experience is
companies usually charge about (or more than) X2 wage bill for consulting.
So I'd update my *minimum* cost estimate to
$25K X 6 people X 2 = $300K per quarter. $25 X 9 people X 2 = $450K per
quarter.
Now this is really an absolute minimum, probably an underestimate, I think that
fits my *interpretation* of what SCO says. The reason I say this
1. I'm using an extreme minimal definition of team
2. I'm using very low consulting rates for supposed experts
3. I'm assuming no other costs than paying for the wages/time
So, my *assumption*, is the real bill should be more, probably much more.
The question that follows, is where do SCO put the $300K-$450K (and probably
more) expense on their 10-Q. We haven't one 10-Q since this started (and
they'll be another one soon). Anybody?
One other thing, McBride, I think said legal costs are $500K-$600K per quarter
for SCO at present in conference call or some press statement (somebody look it
up please, and confirm?). If the 3 teams are part of this, I can't see much, if
anything, being left for other legal expenses. quatermass - SCO delenda est[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 06:48 PM EDT |
This has nothing to do with this thread but I didn't know where else to post it.
It seems as though discovery has almost started. According to the Utah Federal
District Court on 4 August the SCO Group responded to IBM's first set of
interrogatories and request for documents. No objections were noted. The
document is not yet available publicly.
On 14 August IBM responded to SCO's request with some apparent
objections. The document is not yet available publicly either. The discovery
cutoff date is 10-22-04. There is going to be a lot of paperwork flying.
A jury trial is demanded by both parties (old news). Unless Judge Kimball
dismisses the case out of hand, the jury is going to be in for an entertaining
five weeks. I would hate to be SCO's lawyers as all of those contradictory
statements are paraded before the jury.
Glenn Glenn Thigpen[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 06:52 PM EDT |
Has anything happened with Red Hat suit? Was anything supposed to have happened
yet? quatermass - SCO delenda est[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 07:19 PM EDT |
Typo correction:
The question that follows, is where do SCO put the $300K-$450K (and probably
more) expense on their 10-Q. We have had one 10-Q since this started (and
they'll be another one soon). Anybody?
Comments on the math or assumptions in my speculation, very welcome and
appreciated? quatermass - SCO delenda est[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 07:33 PM EDT |
John,
I've found that the base that netcraft was showing in the graphs that were
shown correlates well with high volume. I agree that the spikes can mean
many things.
Only analysis of *many* of the packets will be of use.
Guess what we will likely never see?
What caused the high volume? I don't know.
Was the high volume abnormal for the site? I don't know.
Will the public see a good selection of the packets that were
received during the period in question? I doubt it.
During the "down time", you and I and others, were able to pinpoint
which services were not available, and which were.
We do not know why, but have some guesses -- speculation, if you will.
D.[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 07:38 PM EDT |
> Comments on the math or assumptions
Very close, IMHO. In my previous job, we billed out text-mining gurus at
$300/hr, and they would be assisted by graduate students we billed out at
$150/hr, at a ratio of ~4 grad students per Ph.D. 'expert'. So figure $900/hr
for team of 5, $36K per week * 12 weeks = $432K/quarter. Bob[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 07:39 PM EDT |
quartermass, I'm not familiar with the laws surrounding what you have to list on
10-Q, but in general I like where you're going with this. Either no such
analysts were ever paid, or they were paid by someone else -- three guesses who.
But I don't know what standard procedure here is. Will analysts accept payment
spread over several installments etc.
Would it be a breach of professional decorum for somebody to call Ms Didio and
ask her how much SCO paid her for her informed opinions?
Along these lines, I'm sure somebody with an MBA could probably figure in even
more expenses related to elaborate NDAs and extra security guards and so forth
that should probably be showing up on 10Q.
Mind you I don't really know what I'm talking about, anybody a CEO here? :) Paul[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 07:45 PM EDT |
quartermass,
10Q's are filed every 90 days with the SEC, on a given company's fiscal
year.
The relevant ones for SCOG will be going backward, Dec. 2002, Aug. 2002
etc.,
10Q's are public record.
Per public statements from McBride, they started looking at their unix IP
"last summer". McBride started work at Caldera 28, June 2002. D.[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 07:58 PM EDT |
Paul,
1) Your use of nmap on a network that you do not have responsibility for is at
best an ethical violation, and at worst can place you at risk for
criminal violation of at least three federal "computer crime" laws.
2) The report has no use after the site is up. The only time that a
nmap could have provided any useful information was when the SCOG sites
were down. D.[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 07:59 PM EDT |
The 10Q won't have specific enough detail to find the consultants. I expect
them to charge them as a cost of revenue in the SCO Source division. The cost
of licensing revenue was 2.16 million in the 1st quarter from their Apr 30 10Q.
They say 500-600 thousand was legal fees, Another half a million could possibly
be this code scouring project.
They pay the rest to Didio for her analysis. :) Would you do what she's doing
for that amount? r.a.[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 08:09 PM EDT |
D,
Thanks for the info. Which laws? I want to read up for future reference.
Also, I did limit the scan to port 80, which everybody already knows is open. I
wasn't scanning for vulnerabilities, and I don't believe that the information I
posted could be used to launch an attack on SCO's systems.
Also, how does NetCraft get this information legally? Paul[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 08:26 PM EDT |
Paul,
Regarding " Would it be a breach of professional decorum for somebody to call Ms
Didio and ask her how much SCO paid her for her informed opinions?"
You can find the NDA at LWN, and the open ended question would be:
"Did SCOG buy DiDio's writing, or did Yankee Group pay for DiDio's
writing." D.[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 08:37 PM EDT |
Paul > quartermass, I'm not familiar with the laws surrounding what you have to
list on 10-Q, but in general I like where you're going with this. Either no such
analysts were ever paid, or they were paid by someone else -- three guesses who.
My Answer: I'm not yet going anywhere in particular. I have not drawn any
conclusions yet. What I think we should be able to determine is how seriously
SCO is investigating the code, for how long, etc.
D has widened the time-frame, which gives us more time to research.
Paul> But I don't know what standard procedure here is. Will analysts accept
payment spread over several installments etc.
My Answer: I think you are confusing two things. "Analysts" like Yankee etc.,
and the "research" on code. I do not have direct experience of Yankee Group, but
I do with some other similar type analyst firms -- a code research project
line-by-line is not something that I think the Yankee type analysts would do,
*probably*, AFAIK. The analysts firms that I know, would not do this - they just
wrote very general reports on an industry (sometimes ill-informed) and gave
speeches.
I also think it's unlikely DiDio or Yankee Group was involved in the "research"
aspect, as the timing is all wrong.
In my experience, Analyst type firms, would write general reports or appear in
media from time to time anyway - to talk about news - but to get them to do much
more (like talk about a specific company or issue) would usually require
payment.
For the "research", I can't imagine how SCO could be able to go without paying
them indefinitely. They must be paid, or else their firm dies and the workers
starve. If you were a researcher, you'd want to be paid, no matter what you
found? And in a timely fashion? Right?
Paul> Would it be a breach of professional decorum for somebody to call Ms Didio
and ask her how much SCO paid her for her informed opinions?
My answer: Yes, probably, especially if you phrase it like that - you're
assuming they paid her. Assumption - not fact.
According to one site, I read, somebody did however ask SCO if they pay Yankee
Group, and Stowell said it would be improper to comment. Try to hunt it down,
it's on lwn or linuxjournal or some such site.
> Mind you I don't really know what I'm talking about, anybody a CEO here? :)
I am not a CEO or CFO, but I think that I'm (a layman) generally familiar enough
with 10-Qs to know roughly what to look for. I haven't looked thru SCO's yet,
hard enough, to spot it.
r.a > The 10Q won't have specific enough detail to find the consultants. I
expect them to charge them as a cost of revenue in the SCO Source division
That's what I expect too.
I'm somewhat surprised if they are allowed to put litigation expenses in
there.
I think McBride said they have or had 8 internal SCO people in there too, so we
might have to deduct that. quatermass - SCO delenda est[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 08:52 PM EDT |
Paul,
Time for you do some home work. Each and every law on "internet decency"
has had clauses forbidding the use of tools like portscanners. Each
time, these cases reached the supremes, the first amendment
violations were removed. The rest of the law(s) stands.
Using a portscanner is a grey area. Four seconds is no defense. D.[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 09:07 PM EDT |
Quartermass:
From the 10Q the closest I can find is:
"Cost of Licensing Revenue. Cost of licensing revenue was $2,163,000 for
the second quarter and first two quarters of fiscal year 2003 and $0 for the
second quarter and first two quarters of fiscal year 2002. Cost of licensing
revenue as a percentage of licensing revenue was 26 percent for the second
quarter of fiscal year 2003. Cost of licensing revenue includes the salaries
and related personnel costs of internal personnel dedicated to the SCOsource
licensing initiative, as well as legal and professional fees
incurred in connection with the execution of the licensing agreements. We are
unable to predict the percentage of cost of licensing revenue for future
quarters due to the unpredictability of the related licensing revenue."
If memory serves, they said specifically that they have decided to charge the
IBM lawsuit as a cost of sales during their conference call.
Also in the 10Q they add:
The success of our SCOsource licensing initiative, at least initially, will
depend to a great extent on the perceived strength of our intellectual property
and contractual claims and our willingness to enforce our rights.
That may be their justification for charging the lawsuit as a cost of sales. r.a.[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 09:23 PM EDT |
The article I was hoping not to see.
This seems to be a new one by Robert McMillan IDG News Service, 08/25/03. It
has nice juicy quotes from McBride about terrorism. SCO released few (no)
details other than that they were attacked.
What makes me so angry is the sense I got from Raymond's letters that said
"don't do this but look how powerful I am."
On the other hand, their side makes mistakes and our side makes mistakes.
SCO's basic proposition is who are you going to believe, a listed company or a
bunch of hackers? That proposition took some major hits last week because of
some big blunders on their part. Enough that they should have had to explain
exactly how a ddos took them offline for an entire weekend and they came back
with a (slightly) changed site. But a blunder on our side gave some of it
back.
I don't expect Raymond to make that mistake again. So we'll just move
forward. r.a.[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 09:43 PM EDT |
Has anyone else but ESR confirmed it was a DDOS attack? And does anyone else
find it strange that Sco's PR spinmeisters are uncharacteristically silent.
BTW Any thoughts on ESR and his starwarish "stop & rally behind me" statement?
As far as I can determine it has created more of a personal backlash than
anything else.
http://linuxtoday.com/infrastructure/2003082501026NWCYLL monkymind[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 09:47 PM EDT |
What makes me angry is Raymond's intervention has been predictably counter
productive (see my earlier post) so far in a variety of ways.
What makes me really angry, is Raymond talking about "we" when referring to the
hacker. I'm not sure I want to be in the same "we" as Raymond. And I definitely
do NOT want to be in the same "we" as the hacker, if there was one. But, Raymond
has allowed himself to be construed as (and to some extent the rest of our side)
in that 1st person plural as the alleged hacker. quatermass - SCO delenda est[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 09:55 PM EDT |
monkymind: Well, I don't know about others, but I thought the starwish statement
was silly and counterproductive, poor PR too, for lots of reasons I've already
stated, including at 8/25/03; 5:28:32 PM. The subsequent statements from ESR,
got me fuming. If he's going to do something useful - do it - if he hasn't, then
fine, don't - but I do hope he keeps his mouth shut if this is the best he can
do.
News:
http://www.linuxworld.com/story/33982.htm quatermass - SCO delenda est[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 10:06 PM EDT |
Is www.sco.com (216.250.140.112) down again for anyone else? It was back on-line
earlier this evening, but now it's dead again. For me (in St. Louis) it looks
like things are dying at the Denver peer between Level 3 and viawest. I can get
to www.canopy.com (216.250.142.120) and www.vultus.com (216.250.128.235). Maybe
it's just temporary... Joe Wells[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 10:07 PM EDT |
Same ole same ole about perens, new stuff about the NDA though
http://www.cbronline.com/todaysnews/fcbc3decade58eb080256d8e0018bad3 quatermass - SCO delenda est[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 10:35 PM EDT |
On the whole Eric Raymond thing, I think we have to consider the issue of who he
is addressing. Is he really addressing the community at large, or is he speaking
to young, outraged "LeEt HaCkErz" who may be frothing at the mouth to go after
SCO? If he's speaking to the "LeEt HaCkErz" then I think he's taking the right
tone and making conscious use of the Star Wars imagery to make his point.
There's also a backhanded message to SCO here, something along the lines of "I
speak their language and can unleash them at will."
As to the issue of whether "a friend of a friend" really attacked SCO, at least
it's an honest error. At worst, ESR grabbed the issue and ran with it in order to
make a point. (I'll bet he and every other Linux bigwig get a dozen "I am leet
and I'll take SCO down for you, dude," letterz every day.)
On the subject of consultants, I suspect that we're assuming too much time on
their part. After all, the task could be easily automated. I could probably
write the necessary code to do diffs and greps on the SCO vs. Linux source code
in a day using nothing but simple shell scripts. This would include formatting
and some basic stuff that would output filenames and line numbers. Then I'd run
them overnight and let them create a report which I would rewrite as
necessary.
Given the history of the various Unix code trees, this approach would naturally
create a huge number of false positives. I suspect that SCO's consultants wrote
such routines (or had them in the can already) and did "good" work on code they
didn't understand at all. As a result, we have a lawsuit instead of well
educated "suits."
Just my .02 for the day. Alex Roston[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 10:40 PM EDT |
Alex, potential problem with your theory of automated search, is SCO says they
haven't finished searching yet. It also doesn't fit (what does) with the fact
that claims both increased over time (as you might expect if they did more
search time), and once radically decreased (as pointed out in a previous comment
from SCO quotes, and I think on Mozillaquest) quatermass - SCO delenda est[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 10:44 PM EDT |
RE: ESR & DDOS
Yes - with Sco's code and (non-)MIT experts under fire in the press it does
appear to be a particularly poor strategic move for ESR to shoot himself in the
foot and divert the attention away.
Joe: www.sco.com is definitely unreachable again .......
12 so-6-2-0-100.mp1.sjo1.Level3.net (64.159.4.73) 279.945 ms 289.453 ms 289.919 ms
13 so-2-0-0.mp1.Denver1.Level3.net (64.159.0.241) 319.936 ms 319.463 ms 319.887 ms
* monkymind[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 11:12 PM EDT |
It took SCO four days to trot out their first DDOS media release back in May.
It may be the same this time around...
MEDIA ALERT: Statement from SCO regarding Denial of Service attack
FBI Investigating Serious Denial of Service Attack Against SCO; Seeks to Confirm
Identity of Attacker
Lindon, Utah - May 6, 2003 - SCO (Nasdaq: SCOX) today confirmed that on Friday,
May 2, 2003 at approximately 10:00 a.m. Mountain Time, it was victimized by a
large scale, coordinated Denial of Service (DoS) attack. The attack consumed
about 90 percent of the available bandwidth of SCO's service provider for the
entire Lindon, Utah backbone.
For the people trying to track down a second report to the Feds about the most
recent purported takedown, I suggest you contact this office mentioned in the
earlier release:
A special agent for Intrusion Detection at the FBI Cyber Crimes Division in Salt
Lake City was contacted and is now analyzing full information on the attacks.
Personnel at the U.S. Attorney's office are proceeding with an investigation
into the attack.
Belzecue[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 11:23 PM EDT |
Yep, the SCO website went down again at 4 GMT. It is a scriptkiddies wet dream
with the Netcraft performance monitor publicly available.
I am wondering why I see response time spikes only on the Texas measurement
plots. MathFox[ Reply to This | # ]
|
|
Authored by: Anonymous on Monday, August 25 2003 @ 11:28 PM EDT |
Found an old interview with Darl McDibshit done by Computerworld back in
October.
Where do you see SCO in five years? What will SCO be doing then?
I see SCO five years from now being as significant a technology brand as it
was five to 10 years ago. We're going to embrace the great things of our past
and our roots in Unix and move forward with a strong set of Unix and Linux
offerings. On top of the operating systems business, we see a number of
solutions-based opportunities, including in retail point-of-sale software. We're
not only going to be getting back to where we were, but going beyond that.
Surprisingly this wasn't that long ago, and there is no mention in this
article about enforcing their IP.
Click here SD[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 03:22 AM EDT |
jap, the same as friday evening. trace to sco.com..
5 ae0-12.mpls2.Zurich1.Level3.net (213.242.66.18) 15.926 ms 14.920 ms 22.090 ms
6 so-0-0-0.mp1.London2.Level3.net (212.187.128.61) 196.782 ms * 264.509 ms
7 so-1-0-0.bbr1.Washington1.level3.net (212.187.128.138) 141.347 ms 543.803 ms 504.859 ms
8 so-3-0-0.mp1.Denver1.Level3.net (64.159.1.113) 370.681 ms 189.781 ms 146.012 ms
9 gigabitethernet10-0.hsipaccess2.Denver1.Level3.net (64.159.3.122) 163.912 ms !H * 156.106 ms !H
John, could you phone again to sco and report what they say now? =) andre[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 03:24 AM EDT |
From the NWFUSION link above:
"Terrorists do things designed to intimidate people, and we see a lot of that
going on all the time -- people trying to attack us or people that we're
associated with," he [McBride]said at the time. "If you look at a DOS attack,
that's a form of cyber-terrorism," he said.
I'm now a slightly bit more concerned about the whole thing - it was comical
before, because absurd - now though, this is a whole new dimension - political.
Will the "war on turr" be expanded, to fight the enemies of freedom, the
evil-doers, the open source communists? DamoDot[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 03:31 AM EDT |
halloween 9! by ESR..
-> http://www.opensource.org/halloween/halloween9.html
if you can read german or want to translate: http://heise.de/newsticker/data/jk-26.08.03-002/ andre[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 03:35 AM EDT |
something new on netcraft: http://news.netcraft.com/archives/2003/08/25/if_you_were_sco_where_would_you_host_your_investor_relations_site.html
interesting.. :) andre[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 04:27 AM EDT |
About SCO taking 4 days to report the May 2 attack: not so. It was reported on
May 2, 6 hours after it started with details about what happened, how it was
fixed, direct quotes from Stowell, information about the investigation:
http://news.com.com/2100-1002_3-999584.html
Contrast with last week-end alleged attack where 3 days later we have ESR
quotes, rehashes from last time, and "The SCO representative could not say where
this weekend's strike originated":
http://news.com.com/2100-1002_3-5067743.html
McBride calling DoS attackers terrorists doesn't mean they were attacked last
week-end. IMHO all their published comments can be attributed to the May attack,
or are general comments with no implications to the last event. I think it shows
there was nothing, and that they let this story develop by itself and with help
from braggers. Every time there is a bombing 3, often unknown, groups claim
responsability. Same thing here, except there was probably no bombing: I don't
believe ESR story. Ph(i)Nk 0[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 05:32 AM EDT |
YAFTI-YA! (Yet another from the Inquirer - Yet Again)
No info though, just the status report: http://www.theinquirer.net/?article=11211
The "SCOX files" continue... El Tonno[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 05:33 AM EDT |
SCO is invoicing linux customers according to this story.
http://www.commentwire.com/commwire_story.asp?commentwire_ID=4733
Bert Bert[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 05:50 AM EDT |
Talk about shoddy reporting. SCO must have a lot of shills in the media, when
you get statements like:
"While the amount of evidence revealed by SCO is not great, it does appear that
it may have a case against IBM and other Unix licensees, particularly given the
strength of the Unix licensing agreements passed down to SCO from AT&T [T]."
as found in the datamonitor article Bert linked to above. MajorLeePissed[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 05:57 AM EDT |
I believe the reason sco.com was down can be found in the other Linux favorable
press releases last week.
SCO went over their own site with a fine toothed comb, looking for code that
needed changing in the old Unix sections.
A site does not come up from a DDOS with different OS and webserver info without
there has been some type of change,
this supports the "SCO employee" who stated the site is down for upgrades.
Lastly, We are providing SCO with a million eyes on any errors in their lawsuit,
the court of public opinion does not count in a court of law. We all need to
realize SCO reads all the information we post, so we must think before we
post. nm[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 06:00 AM EDT |
About the Heise article at http://heise.de/newsticker/data/jk-26.08.03-002/ :
The first paragraph is an introduction of the Halloween 9 document, it ends
with [Halloween 9] summarises the state of affairs nicely, as far as it
concerns American business.
Paragraph 2 (bear with the amateuristic foreign-foreign language translation):
Whether Linux in Europe is also safe from SCO's claims, is a new aspect
in the debate. The English lawyer Gary Lea pointed in a letter to the Register
to the difference between US and European Law. In his letter Lea says he's
convinced that European users are sufficiently protected by the GPL from
SCO style threats. He doubts that an indemnification licence that could be
valid in the USA would be passable in the same way in Europe. In the context
of Raymond one may say: Halloween is just an American popular party, that one
celebrate lonely in Europe.
The last paragraph states that ESR is on solid ground again after his
slip on the DDOS attack.
As a personal note: Gary Lea spoke specifically about English copyright law;
I know that Dutch law differs in some significant details, there is a right
to use a copyrighted work "for the purpose that it was intended", even if some
copying is involved. Distribution remains prohibited. MathFox[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 06:23 AM EDT |
MIT story:
http://www.theinquirer.net/?article=11208
Hacker story:
http://www.ciol.com/content/news/2003/103082606.asp
http://www.internetnews.com/dev-news/article.php/3068581
Other News:
http://www.it-analysis.com/article.php?articleid=11180 quatermass - SCO delenda est[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 06:28 AM EDT |
MajorLeePissed, I totally agree; that comment just kind of leaps at you. Wonder
who the shill is feeding them the ignorant type info? Because they obviously have
not looked at documents. Has anyone any idea about the Red Hat vs SCO case? Has
an answer been filed? Do we have someone that is from there that can check the
info to see. brenda banks[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 07:01 AM EDT |
Hm, I think too, ESR was too early with his statement. He should first have
verified his phone call before sending it to linuxtoday.com. Hope he will do
this next time better.
The new halloween document of ESR sums the whole story up very well and clearly.
That's nice done. andre[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 07:02 AM EDT |
To quote NASA from a terrible incident: "We seem to have a major
malfunction."
Something might have backfired - it might not be a DDoS attack, but a DiDioS
foulup... -r[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 07:02 AM EDT |
There dam well better have been a dos attack or Blake Stowell is in doodoo for
filing a false police report. The feds do not take kindly to wasting their
precious time on wild goose chases.... unless of course Stowell was lying about
contacting the FBI in order to play the victim card.
NEW YORK (Dow Jones)--SCO Group Inc. (SCOX) has been hit by a coordinated
computer attack that has flooded its Web site with traffic, making it
inaccessible to many visitors for several days.
It's the second time this year the Linden, Utah, company's Web site has been the
target of a denial-of-service attack. In such attacks, hackers use multiple
computers to overwhelm a site with traffic.
Blake Stowell, an SCO spokesman, said the software company has notified law
enforcement authorities about the latest attack, which has temporarily knocked
out the company's U.S. and U.K. Web sites.
sam[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 07:16 AM EDT |
sam: Couldn't, shouldn't, Stowell report that someone claimed a DoS attack on
their site and ask for an investigation, even if they haven't noticed it?
And in any case, taken literally, Stowell could be talking about the May 2
attack. I still haven't seen anyone from SCO claiming an attack starting last
Friday! Ph(i)Nk 0[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 07:22 AM EDT |
Sam,
Maybe there was a DoS attack during the time SCO had their server down for
maintenance? Bert[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 07:23 AM EDT |
As of 14:15 GMT, the following SCOX services are back
www.sco.com - HTTP
www.caldera.com - HTTP
ftp.sco.com - FTP
www.sco.de - HTTP
Enjoy! El Tonno[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 07:23 AM EDT |
We're looking for verification of an (on-going?) attack on SCOX,
but has anyone verified that ESR in fact wrote that thing? I mean,
couldn't his site 've been hacked?
PJ: Have you had any "direct communication" (e.g. e-mail) with ESR? -r[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 07:24 AM EDT |
We're looking for verification of an (on-going?) attack on SCOX,
but has anyone verified that ESR in fact wrote that thing? I mean,
couldn't his site 've been hacked?
PJ: Have you had any "direct communication" (e.g. e-mail) with ESR? -r[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 07:29 AM EDT |
What?! Six days go by without more ranting from $CO??!
This is perplexing. The only news of their antics, so far, is that they are
sending out invoices - which should be gold to prosecutors.
Anyone else seen anything? MajorLeePissed[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 07:33 AM EDT |
Looks like sco is just up... -r[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 07:36 AM EDT |
http://www.opensource.org/halloween/halloween9.html
Who profited from the DR-DOS lawsuit - you might be surprised!
http://www.theregister.co.uk/content/archive/9507.html quatermass - SCO delenda est[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 07:55 AM EDT |
Wrong area for this, but if true it is too good to hold:
http://www.commentwire.com/commwire_story.asp?commentwire_ID=4733
"August 26, 2003 11:58 AM GMT (Datamonitor) - SCO [SCOX] is beginning to
invoice Linux users for their use of Unix code that it says has been illegally
copied into the open source operating system. This leaves IT shops around the
world with a deceptively simple decision: pay the fine, or take a chance."
So, if they are doing it and not just saying it - I guess that the counter suits
can now begin.
[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 08:08 AM EDT |
If there are really companies who pay, so SCO can really earn money with
licensing the linux kernel, then we are entering a new level of this drama.
SCO would earn money for the work of all kernel contributors. I hope if this
case will anytime be reality, IBM does what it should do! andre[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 08:40 AM EDT |
From yahoo board Msg: 33258
The invoices are out:
http://www.commentwire.com/commwire_story.asp?commentwire_ID=4733 Greg T Hill[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 09:26 AM EDT |
I should reload the comments before posting....... Greg T Hill[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 10:14 AM EDT |
ok i am about to just start having withdrawal pains. No announcements .. the
silence is too much
hehehe. i just do not believe there was a ddos attack. they couldn't stay quiet
this long. brenda banks[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 10:15 AM EDT |
> The invoices are out: commentwire.com
I'm not ready to believe that. The news coverage of this entire soap opera has
been appallingly bad when it comes to details like this. This story could be
nothing more than another reporter or "analyst" taking McBride's recent comments
that they would be issuing invoices Real Soon Now a little too literally.
SCO was going to audit AIX customers Real Soon Now as well. Then they were going
to sell those "protection licenses" Real Soon Now, but no one who has called
trying to buy one can actually do so.
I want to hear from somebody who actually got an invoice through the mail from
SCO. Until that happens, I'm inclined to write this off as more bad
journalism. Bob[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 10:29 AM EDT |
we do know why there haven't been any announcements though the stocks aren't
dropping yet. brenda banks[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 10:38 AM EDT |
Any news on the Red Hat front? Any one? quatermass - SCO delenda est[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 10:44 AM EDT |
I find this very strange: here is the first
news story I've seen discussing the newest "outage" today. It says this:
"The outage prompted Netcraft to declare that SCO was again the target of a
denial-of-service attack. However, the outage was actually due to preventative
measures taken by SCO and its hosting service to mitigate the effects of future
attacks, according to company spokesman Marc Modersitzki."
I've been to the Netcraft site numerous times over the last several days, and I
don't recall that they ever claimed that SCO had been hit by a DoS
attack. What they said was, no one can tell. Netcraft itself seems to be down at
the moment, but the last time I was there, earlier today, they made no claim at
all that "SCO was again the target of a denial-of-service attack." Where do
these reporters get this stuff? Bob[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 10:45 AM EDT |
http://www.nwfusion.com/news/2003/0826scodown.html quatermass - SCO delenda est[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 10:49 AM EDT |
you know just when you think it can't get any stranger something else happens.
wonder where the movie script for this is at?
as loud as they enjoy being there is no way they could have kept their mouth
shut this long
and where is the redhat answer also? brenda banks[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 11:05 AM EDT |
http://www.tribnet.com/24hour/business/story/979950p-6876368c.html
still doesn't sound like an sco press release brenda banks[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 11:54 AM EDT |
(Off-topic)
D.,
(OT) Paul's use of nmap to guess at a remote site's operating system is not
"portscanning". It's simply analyzing an attempted or aborted connection to
port 80. Little nuances in the remote end's TCP stack are analyzed and matched
against a database of TCP stack "fingerprints" to make a guess at which
operating system is there. In this sense, it is no different from doing a ping,
a traceroute, or looking at HTTP headers.
I wish I could also say unequivocally that it's legal, but it's not yet well
defined whether any of those are legal; an interesting article on the
formulation of access-based computer crime laws can be found here. pik[ Reply to This | # ]
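The comparison described in the comment above, as an added example that is not part of the original post and is not nmap's own code: it reads the stack traits visible in a single SYN-ACK from port 80 and looks them up in a signature table. The signature table, the labels and the sample packet are constructed for illustration.

```python
import struct

# Constructed, illustrative signatures (NOT nmap's database):
# (initial TTL, TCP window, DF bit, TCP option kinds in order) -> label
SIGNATURES = {
    (64, 5792, True, (2, 4, 8, 1, 3)): "Linux 2.4-style stack",
    (128, 65535, True, (2, 1, 1, 4)): "Windows-style stack",
}

def initial_ttl(ttl):
    """Round an observed TTL up to the nearest common starting value."""
    return next(t for t in (32, 64, 128, 255) if ttl <= t)

def option_kinds(opts):
    """Walk the TCP options field and return the option kinds in order."""
    kinds, i = [], 0
    while i < len(opts) and opts[i] != 0:      # kind 0 = end of option list
        kinds.append(opts[i])
        if opts[i] == 1:                       # kind 1 = NOP, single byte
            i += 1
        elif i + 1 < len(opts) and opts[i + 1] >= 2:
            i += opts[i + 1]                   # skip kind, length and value
        else:
            raise ValueError("malformed TCP option")
    return tuple(kinds)

def fingerprint(packet):
    """Extract stack traits from a raw IPv4+TCP packet and look them up."""
    if len(packet) < 40 or packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (packet[0] & 0x0F) * 4
    tcp = packet[ihl:]
    data_off = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0
    if ihl < 20 or data_off < 20 or data_off > len(tcp):
        raise ValueError("truncated or malformed headers")
    df = bool(struct.unpack("!H", packet[6:8])[0] & 0x4000)
    window = struct.unpack("!H", tcp[14:16])[0]
    traits = (initial_ttl(packet[8]), window, df, option_kinds(tcp[20:data_off]))
    return traits, SIGNATURES.get(traits, "unknown")

# Constructed SYN-ACK from port 80 (documentation addresses, TTL 52 on arrival).
SAMPLE_SYN_ACK = (
    struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0x1234, 0x4000, 52, 6, 0,
                bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    + struct.pack("!HHIIBBHHH", 80, 40000, 1000, 2001, 0xA0, 0x12, 5792, 0, 0)
    + bytes([2, 4, 5, 0xB4, 4, 2, 8, 10, 0, 0, 0, 1, 0, 0, 0, 2, 1, 3, 3, 0])
)

if __name__ == "__main__":
    print(fingerprint(SAMPLE_SYN_ACK))
```

Every trait used here is carried by any ordinary reply to a connection attempt, and a proxy or load balancer in front of the web server answers with its own stack, so the guess describes whatever terminates the TCP connection.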
|
|
Authored by: Anonymous on Tuesday, August 26 2003 @ 06:28 PM EDT |
So SCO is going to bring in the FBI to track down the hacker behind the ddos
attack.
Are they sure they want the FBI snooping around SCO? Who knows what they might
find. Morolon[ Reply to This | # ]
|
|